Hi folks, following up on the relevant doc provided by ajaykumar_suri:
https://backstage.forgerock.com/docs/idcloud/latest/idm-auth/authorization-and-roles.html
You may need to go through the guide for full context, but I believe this will allow the opening delete method to work for specific users.
The following rule (from a default access.json file) shows the access configuration structure:

{
    "pattern" : "system/*",
    "roles" : "internal/role/openidm-admin",
    "methods" : "action",
    "actions" : "test,testConfig,createconfiguration,liveSync,authenticate"
}

This rule specifies that users with the openidm-admin role can perform the listed actions on all system endpoints.
The parameters in each access rule are as follows:

pattern
The REST endpoint for which access is being controlled. "*" specifies access to all endpoints in that path. For example, "managed/realm-name_user/*" specifies access to all managed user objects.

roles
A comma-separated list of the roles to which this access configuration applies. The roles referenced here align with the object's security context (security.authorization.roles). The authzRoles relationship property of a managed user produces this security context value during authentication.

methods
A comma-separated list of the methods that can be performed with this access. Methods can include create, read, update, delete, patch, action, query. A value of "*" indicates that all methods are allowed. A value of "" indicates that no methods are allowed.
I hope you find this helpful.
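To make the pattern/roles/methods/actions semantics above concrete, here is a small added model (not ForgeRock's code or documentation) that evaluates requests against rules in the access.json shape from the post. The default rule is the one quoted above; the second rule, the "user-janitor" role, the "alpha_user" object type and the matching behaviour ("*" matches the rest of the path, "" grants nothing, actions only consulted for the action method) are this example's assumptions, simplified from IDM's real evaluation.

```python
"""Minimal model of how an IDM access.json rule grants or denies a request.

Added example, not ForgeRock code: the rule fields follow the post, the
matching semantics below are simplified assumptions for illustration.
"""
import fnmatch

# Constructed rules in the access.json shape shown in the post.
RULES = [
    {   # the default rule quoted in the post
        "pattern": "system/*",
        "roles": "internal/role/openidm-admin",
        "methods": "action",
        "actions": "test,testConfig,createconfiguration,liveSync,authenticate",
    },
    {   # hypothetical rule: a custom role may delete managed alpha_user objects
        "pattern": "managed/alpha_user/*",
        "roles": "internal/role/user-janitor",
        "methods": "delete",
        "actions": "",
    },
]


def _split(value: str) -> set:
    """Turn a comma-separated rule value into a set; "" yields the empty set."""
    return {v.strip() for v in value.split(",") if v.strip()}


def is_allowed(rules, resource: str, roles: set, method: str, action: str = "") -> bool:
    """Return True if any rule grants `method` on `resource` to one of `roles`.

    Assumed semantics: "*" in the pattern matches the rest of the path;
    methods "*" allows every method and "" allows none; the actions list is
    only consulted when the method is "action".
    """
    for rule in rules:
        if not fnmatch.fnmatchcase(resource, rule["pattern"]):
            continue                      # endpoint not covered by this rule
        if not roles & _split(rule["roles"]):
            continue                      # caller holds none of the rule's roles
        methods = rule["methods"]
        if methods != "*" and method not in _split(methods):
            continue                      # method not granted ("" grants nothing)
        if method == "action":
            actions = rule.get("actions", "")
            if actions != "*" and action not in _split(actions):
                continue                  # named action not in the allow-list
        return True                       # first matching rule grants access
    return False                          # no rule matched: deny by default
```

Deny-by-default means a role that is not named in any matching rule (here, the admin role for delete on managed objects) gets nothing until a rule is added for it.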